Zitat der eMail vom 06.04.2007 um 12:41 Uhr: > I recently discovered that a redirect-after-GET does not offer this > protection. I have a link on one page that duplicates the current > record, then does a redirect to the "view record" page displaying the > new record.
> Any other ideas or thoughts? As far as I know, with this kind of action performed on a GET request, you always have the possibility of unintentionally duplicated records. I think the HTTP spec says that there should be _no_ change of status performed on a GET request - GET should alwasy be repeatable without danger. For actions like yours, that's what other HTTP commands like POST and PUT are for. Because of that, some browser or cache utility may always prefetch pages reachable per GET request - resulting in unwanted action on your side. Even search engines will trigger actions if such a page is public. Or think of someone setting up a local search engine also... Just keep that in mind or correct me if I'm wrong. Andreas
signature.asc
Description: PGP signature
